Elysia.js Backend

TurboStack uses Elysia.js - a high-performance TypeScript web framework optimized for Bun runtime.

Key Features

Type Safety

End-to-end type inference from routes to response

Blazing Fast

Built for Bun runtime with exceptional performance

OpenAPI

Auto-generated Swagger documentation

Validation

Built-in request validation with TypeBox

Directory Structure

apps/backend/
├── src/
│   ├── index.ts           # App entry point & middleware
│   ├── routes/
│   │   ├── auth.ts        # Authentication endpoints
│   │   ├── users.ts       # User management
│   │   ├── polar.ts       # Payment endpoints
│   │   ├── health.ts      # Health checks
│   │   └── webhooks.ts    # Webhook handlers
│   ├── services/
│   │   ├── auth.service.ts    # Auth business logic
│   │   ├── email.service.tsx  # Email sending (React Email)
│   │   └── polar.service.ts   # Payment logic
│   ├── middleware/
│   │   └── auth.ts        # JWT verification
│   └── emails/
│       └── templates/     # React Email templates
├── tsconfig.json
└── package.json

Main Entry Point

The API is configured with essential middleware: 
import { Elysia } from "elysia";
import { cors } from "@elysiajs/cors";
import { rateLimit } from "elysia-rate-limit";

const app = new Elysia()
  // CORS for frontend access
  .use(cors({
    origin: process.env.CORS_ORIGIN || "http://localhost:4100",
    credentials: true,
  }))
  // Rate limiting: 100 requests/minute
  .use(rateLimit({
    duration: 60 * 1000,
    max: 100,
    errorResponse: new Response(
      JSON.stringify({
        success: false,
        error: "Too Many Requests",
      }),
      { status: 429 }
    ),
  }));

API Endpoints

MethodEndpointTagDescription
GET/-API info & version
GET/healthHealthHealth check
GET/openapi-Swagger UI
POST/auth/registerAuthCreate account
POST/auth/loginAuthUser login
POST/auth/logoutAuthEnd session
POST/auth/refreshAuthRefresh token
GET/auth/meAuthCurrent user
GET/auth/verify-emailAuthVerify email
POST/auth/forgot-passwordAuthRequest reset
POST/auth/reset-passwordAuthReset password
GET/usersUsersList users
GET/users/:idUsersGet user
PUT/users/:idUsersUpdate user
DELETE/users/:idUsersDelete user
GET/polar/productsPolarList products
POST/polar/checkoutPolarCreate checkout
Visit localhost:4101/openapi for interactive API documentation with request/response examples.

Creating Routes

1

Create Route File

// src/routes/products.ts
import { Elysia, t } from "elysia";
import { prisma } from "@repo/database";

export const productRoutes = new Elysia({ prefix: "/products" })
  .get("/", async () => {
    const products = await prisma.product.findMany();
    return { success: true, data: products };
  })
  .post("/", async ({ body }) => {
    const product = await prisma.product.create({ data: body });
    return { success: true, data: product };
  }, {
    body: t.Object({
      name: t.String(),
      price: t.Number(),
    }),
  });
2

Register in Main App

// src/index.ts
import { productRoutes } from "./routes/products";

const app = new Elysia()
  // ... other middleware
  .use(productRoutes)
  .listen(4101);

Development

Start API Only

bash cd apps/backend && bun run dev

Watch Mode

bash bun run --watch src/index.ts
The API documentation at /openapi is protected with Basic Authentication. Default credentials: admin / changeme. Change these in production!